Reflection for Secure IT for Windows Client 8.0 Release Notes

Reflection for Secure IT Windows Client 8.0 (released February 2017) is available now for new and existing customers. This technical note provides information about how to obtain your update and a list of features and fixes included in the update. This note also includes fixes in Reflection FTP Client 16.0, which is included with Reflection for Secure IT Windows Client.

Version 8.0 is cumulative and also applies the features and fixes provided in earlier updates and service packs. For a list of these features and fixes see the following:

• Reflection for Secure IT Client 7.2 Service Pack 5, see KB 7021994.
• Reflection for Secure IT Client 7.2 Service Pack 4 Update 1, see KB 7021993.
• Reflection for Secure IT Client 7.2 Service Pack 4, see KB 7021990.
• Reflection for Secure IT Client 7.2 Service Pack 3 Update 1, see KB 7022038.
• Reflection for Secure IT Client 7.2 Service Pack 3, see KB 7021991.

For important information regarding security updates and Reflection for Secure IT, see https://support.microfocus.com/security/.

Obtaining the Update

Maintained customers are eligible to download the latest product releases from the Downloads website: https://download.attachmate.com/Upgrades/. For information about logging into and using the Downloads website, see KB 7021965.

Supported Platforms

Reflection for Secure IT Windows Client 8.0 adds support for Windows 10. For further information about platform support in Reflection, see KB 7022010.

Security Fixes

This release includes fixes for the following reported security vulnerabilities. For additional information, see https://support.microfocus.com/security/.

• CVE-2015-0204: OpenSSL Client RSA Silent Downgrade Vulnerability
• CVE-2015-4000: Diffie-Hellman Logjam Vulnerabilities
• CVE-2015-0289: NULL pointer dereferences
• CVE-2015-0292: Base64 decode
• CVE-2016-0705: Double-free in DSA code
• BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
• CVE-2016-0702: Side channel attack on modular exponentiation
• CVE 2016-2018 – OpenSSL Security Advisory

Reflection Client 8.0 for Windows

• After configuring Client Authentication with "Automatically select client certificate" (the default) chosen, the automatic chooser no longer chooses an expired certificate when a valid certificate exists in the list.
• The following UTF-8 characters are now drawn correctly: U+25a0, U+203b, U+2234, U+2235, U+2312, U+223d.
• A problem closing the connection when downloading a large CRL (2 MB) exceeds the connection timeout has been resolved. Previously if the time required to download the CRL exceeded the connection timeout, Reflection lost the connection to the server with an exception error in rssh.exe.
• The sftp command line client now returns to command prompt after connection timed-out with exit code 84 on Windows 8, Windows Server 2012, and Windows 10.
• Reflection for Secure IT Windows Client 8.0 is now supported on Windows 10.

Reflection FTP Client 16.0

• Reflection ftpCOM API IsConnected and LastError properties now return correct status after a Host disconnect event.
• An issue that could cause the Reflection FTP Client to shut down unexpectedly while transferring a large number of files going to an OpenVMS (Process software) SSH server has been resolved.
• Connections using SSL/TLS now support DH cipher suites, and no longer support 40-bit and 56-bit cipher suites.

Legacy KB ID

This document was originally published as Attachmate Technical Note 2895.